This post is also available in: עברית (Hebrew)
A series of recent cyber attacks used basic tools to break into power company networks and threaten their automated systems, according to a memo sent by the Department of Homeland Security.
In the memo, sent to electric and nuclear sector CEOs and obtained by the Houston Chronicle, the department, for the second time, urged energy companies to beef up security after recent physical and online attacks threatened serious damage to infrastructure and equipment.
i-HLS Israel Homeland Security
According to Fuel Fix a source said he received the memo from the Department of Homeland Security on Monday. The memo expanded on a rush of online attacks that prompted an initial department alert on May 9. The additional alert pressed for added action from energy companies.
“In at least one case, the attackers successfully obtained all the information needed to access the industrial control systems environment,” the memo said of the online attacks.
Hackers: Cyber attack risk high for oil and gas industry
Industrial control systems manage an array of automated operations handled by energy companies, but hackers could force them to malfunction and cause major issues. A similar attack targeting industrial control systems in Iran was able to destroy centrifuges at a nuclear facility there in 2010.
The recent U.S. attacks hit several companies and involved simple approaches used by hackers, the memo said.
Simple hacking methods can include brute force attacks, where hackers attempt to break into systems using a variety of password combinations. They can also include common malicious software that is not threatening to an updated computer, but can cause problems on a system with old software that is not protected against such malware.
“While the identified tools and techniques are common and easy to obtain in the public domain, it is notable that attackers successfully deployed them against several U.S. energy and critical manufacturing sector targets over a period of weeks,” the memo said.
The department did not respond to requests for comment.